CVE-2020-5410
Directory Traversal with spring-cloud-config-server
In short
Spring Cloud Config Server can be tricked into serving files outside its intended configuration directory through a specially crafted URL, allowing attackers to access sensitive files on the system.
Technical detail
Directory traversal vulnerability in spring-cloud-config-server allows unauthenticated attackers to bypass path restrictions via malformed URLs, potentially exposing arbitrary files accessible to the application process. Affects versions 2.2.x before 2.2.3 and 2.1.x before 2.1.9.
Summary generated and translated by AI from the official description.
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Spring by VMware · Spring Cloud Configpublic PoCs found — 3
githubgithub.com/osamahamad/CVE-2020-5410-POC★ 30githubgithub.com/dead5nd/config-demo★ 0githubgithub.com/shoucheng3/spring-cloud__spring-cloud-config_CVE-2020-5410_2-1-8-RELEASE★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →